China said to insert spy chips into Supermicro servers

October 8th, 2018 by · 13 Comments

This article was authored by Dylan Bushell-Embling, and was originally posted on

An explosive report has accused Chinese intelligence agencies of sneaking a tiny chip into servers assembled in China for US chip maker Supermicro that introduced hardware vulnerabilities enabling stealth access to any network using the altered devices.

Bloomberg has reported, citing multiple sources, that US investigators have found evidence of an unprecedented supply chain attack on servers used by companies including Amazon and Apple.

The allegedly compromised components were used by video streaming company Elemental Technologies for its services compressing video files and optimizing them for different devices.

According to the report, a third party company hired by AWS to scrutinize Elemental’s security in advance of Amazon’s potential acquisition of the company discovered a tiny microchip in a sample server that was not part of the original design. Apple was also reportedly a major Supermicro customer, using its components for a global network of data centers, the report adds.

This chip allegedly allows for the creation of a stealth doorway into any network using the altered servers. The investigation reportedly subsequently found evidence that the chips had been inserted by four subcontractors of Supermicro’s primary manufacturers for its motherboards, which are based in Shanghai and Taiwan.

Interactions between Chinese officials, manufacturers and middlemen in China intercepted by investigators suggest that middlemen offered bribes and threats to coerce the subcontractors to insert the chips on behalf of a PLA unit specializing in hardware attacks, the report claims.

But Amazon, Apple and Supermicro have all subsequently released statements challenging the report. Apple has been particularly firm in its denial of the report, stating that the company has repeatedly found “absolutely no evidence” to support Bloomberg’s claims, and has consistently provided statements refuting almost all aspects of the story as it relates to Apple.

Supermicro has also stated that it is unaware of any investigation and has not been contacted by the government, while China’s Ministry of Foreign Affairs has insisted that the nation “is a resolute defender of cybersecurity” and that supply chain security is a concern of all governments.

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: Other Posts · Security

Join the Discussion!

13 Comments So Far

  • Anonymous says:

    if you are any service provider of any type or a vendor sourcing parts, and you aren’t selling exclusively in China, use of any hardware or software from them has got to be in question. And long before this report came out, too. Any telco with Huawei gear, for example, is not taking security seriously.

    If you’re Apple, the already ridiculously expensive phone prices are heavily reliant on their denials but that doesn’t mean its not true. Cheap slave labor has some occasional drawbacks.

    Next up, Google selling its soul and allowing its intellectual property to be reverse engineered to the comms. Imagine what elections they could “hack” then. Though I guess its only a “hack” if we don’t like the results. Maybe a compliant administration who kowtows to them is what we all secretly want.

  • Anonymous says:

    Considering this means the whole tech hardware supply chain could be affected and it gets no msm attention is unbelievable. Apparently no one cares about national security if they can save .02/shr this quarter by outsourcing to China.

  • Anonymous says:

    BB article claimed it could possible have hit DoD servers and military gear.

  • Anonymous says:

    Has the USA given up on national security? How can you defend against hardware hacks?

    • Anonymous says:

      Given the national security implications, military, spy, I.P., economic, this seems to get zero msm visibility….passing story like a traffic report, omg. also since every business seems vulnerable, none of them want it discussed…shhhhhh

      • Anonymous says:

        If there is an anti-Trump angle I bet they could get some airtime stat. Maybe China-Trump collusion conspiracy?

      • Anonymous says:

        Not sure what press you read but I have seen it very widely reported everywhere, including on many front pages. Given the vociferous denials from all involved/implicated it is hard to continue after that initial lead until more evidence comes to light.

        I do not know what you are expecting. The conspiracy and panic mongers will undoubtedly continue to discuss it in increasingly fevered language, but generally reputable/reliable news moves forward based on new facts following investigation.

  • Anonymous says:

    The article mentions servers, but why could’t they get to the firewall boxes made there? pwned!

Leave a Comment

You may Log In to post a comment, or fill in the form to post anonymously.

  • Ramblings’ Jobs

    Post a Job - Just $99/30days
  • Event Calendar